Beispiel #1
0
 def testIOSNonCanonical(self):
     """Test parsing of IOS match terms in non-output formats."""
     x = "access-list 100 permit tcp any any eq ftp-data"
     y = "access-list 100 permit tcp any any eq 20"
     self.assertEqual(acl.parse(x).output_ios(), [y])
     x = "access-list 100 permit ip any 192.0.2.99 0.0.0.0"
     y = "access-list 100 permit ip any host 192.0.2.99"
     self.assertEqual(acl.parse(x).output_ios(), [y])
Beispiel #2
0
 def testIOSNonCanonical(self):
     """Test parsing of IOS match terms in non-output formats."""
     x = 'access-list 100 permit tcp any any eq ftp-data'
     y = 'access-list 100 permit tcp any any eq 20'
     self.assertEqual(acl.parse(x).output_ios(), [y])
     x = 'access-list 100 permit ip any 192.0.2.99 0.0.0.0'
     y = 'access-list 100 permit ip any host 192.0.2.99'
     self.assertEqual(acl.parse(x).output_ios(), [y])
Beispiel #3
0
 def testIOSACL(self):
     """Test parsing of IOS numbered ACLs."""
     text = '\n'.join(['access-list 100 permit ' + x for x in ios_matches])
     self.assertEqual('\n'.join(acl.parse(text).output_ios()), text)
     # Non-canonical forms:
     x = 'access-list 100 permit icmp any any log echo'
     y = 'access-list 100 permit icmp any any echo log'
     a = acl.parse(x)
     self.assertEqual(a.output_ios(), [y])
     self.assertEqual(a.format, 'ios')
Beispiel #4
0
 def testIOSACL(self):
     """Test parsing of IOS numbered ACLs."""
     text = "\n".join(["access-list 100 permit " + x for x in ios_matches])
     self.assertEqual("\n".join(acl.parse(text).output_ios()), text)
     # Non-canonical forms:
     x = "access-list 100 permit icmp any any log echo"
     y = "access-list 100 permit icmp any any echo log"
     a = acl.parse(x)
     self.assertEqual(a.output_ios(), [y])
     self.assertEqual(a.format, "ios")
Beispiel #5
0
    def testFirewallReplace(self):
        """Test JunOS ACL with "firewall { replace:" around it."""
        acl.parse('''
firewall {
replace:
    filter blah {
        term foo { 
            then {
                accept;
            }
        }
    }
}''')
Beispiel #6
0
 def testJunOSExamples(self):
     """Test examples from JunOS documentation."""
     examples = file(EXAMPLES_FILE).read().expandtabs().split("\n\n")
     # Skip the last two because they use the unimplemented "except"
     # feature in address matches.
     for i in range(0, 14, 2):
         if examples[i + 1].find("policer"):
             continue
         x = examples[i + 1].split("\n")
         y = acl.parse(examples[i]).output_junos()
         self.assertEqual(x, y)
         self.assertEqual(y.format, "junos")
         z = acl.parse("\n".join(y)).output_junos()
         self.assertEqual(y, z)
Beispiel #7
0
 def testJunOSExamples(self):
     """Test examples from JunOS documentation."""
     examples = file(EXAMPLES_FILE).read().expandtabs().split('\n\n')
     # Skip the last two because they use the unimplemented "except"
     # feature in address matches.
     for i in range(0, 14, 2):
         if examples[i + 1].find('policer'):
             continue
         x = examples[i + 1].split('\n')
         y = acl.parse(examples[i]).output_junos()
         self.assertEqual(x, y)
         self.assertEqual(y.format, 'junos')
         z = acl.parse('\n'.join(y)).output_junos()
         self.assertEqual(y, z)
Beispiel #8
0
    def testFirewallReplace(self):
        """Test JunOS ACL with "firewall { replace:" around it."""
        acl.parse(
            """
firewall {
replace:
    filter blah {
        term foo { 
            then {
                accept;
            }
        }
    }
}"""
        )
Beispiel #9
0
 def testIOSNamedACL(self):
     """Test parsing of IOS named ACLs."""
     x = 'ip access-list extended foo\n'
     x += '\n'.join([' permit ' + x for x in ios_matches])
     a = acl.parse(x)
     self.assertEqual(a.output_ios_named(), x.split('\n'))
     self.assertEqual(a.format, 'ios_named')
Beispiel #10
0
    def testPolicer(self):
        '''test policer stuff.'''
        x = \
'''firewall {
replace:
    policer test {
        if-exceeding {
            bandwidth-limit 32000;
            burst-size-limit 32000;
        }
        then {
            discard;
        }
    }
    policer test2 {
        if-exceeding {
            bandwidth-limit 32000;
            burst-size-limit 32000;
        }
        then {
            discard;
        }
    }
}'''
        a = acl.parse(x)
        self.assertEqual(a.output(replace=True), x.split('\n'))
Beispiel #11
0
    def testPolicer(self):
        """test policer stuff."""
        x = """firewall {
replace:
    policer test {
        if-exceeding {
            bandwidth-limit 32000;
            burst-size-limit 32000;
        }
        then {
            discard;
        }
    }
    policer test2 {
        if-exceeding {
            bandwidth-limit 32000;
            burst-size-limit 32000;
        }
        then {
            discard;
        }
    }
}"""
        a = acl.parse(x)
        self.assertEqual(a.output(replace=True), x.split("\n"))
Beispiel #12
0
 def testIOSNamedACL(self):
     """Test parsing of IOS named ACLs."""
     x = "ip access-list extended foo\n"
     x += "\n".join([" permit " + x for x in ios_matches])
     a = acl.parse(x)
     self.assertEqual(a.output_ios_named(), x.split("\n"))
     self.assertEqual(a.format, "ios_named")
Beispiel #13
0
 def testIOSACLNegation(self):
     """Test handling of "no access-list" command."""
     x = [
         'access-list 100 permit udp any any', 'no access-list 100',
         'access-list 100 permit tcp any any'
     ]
     self.assertEqual(acl.parse('\n'.join(x)).output_ios(), x[-1:])
Beispiel #14
0
    def testIOSNamedACLRemarks(self):
        """Test parsing of 'remark' lines in IOS named ACLs."""
        x = '''\
ip access-list extended foo
 permit nos any any
 remark Need more NOS!
 permit nos any any'''
        self.assertEqual(acl.parse(x).output_ios_named(), x.split('\n'))
Beispiel #15
0
    def testIOSNamedACLRemarks(self):
        """Test parsing of 'remark' lines in IOS named ACLs."""
        x = """\
ip access-list extended foo
 permit nos any any
 remark Need more NOS!
 permit nos any any"""
        self.assertEqual(acl.parse(x).output_ios_named(), x.split("\n"))
Beispiel #16
0
    def testDoubleQuotes(self):
        """Test JunOS double-quoted names (regression)."""
        x = """\
filter test {
    term "awkward term name" {
        then {
            accept;
            count "awkward term name";
        }
    }
}"""
        a = acl.parse(x)
        self.assertEqual(a.terms[0].name, "awkward term name")
        self.assertEqual("\n".join(a.output_junos()), x)
Beispiel #17
0
    def testDoubleQuotes(self):
        '''Test JunOS double-quoted names (regression).'''
        x = '''\
filter test {
    term "awkward term name" {
        then {
            accept;
            count "awkward term name";
        }
    }
}'''
        a = acl.parse(x)
        self.assertEqual(a.terms[0].name, 'awkward term name')
        self.assertEqual('\n'.join(a.output_junos()), x)
Beispiel #18
0
    def testTCPFlags(self):
        """Test tcp-established and is-fragment."""
        x = """\
filter x {
    term y {
        from {
            is-fragment;
            tcp-established;
        }
        then {
            accept;
        }
    }
}"""
        self.assertEqual(x, "\n".join(acl.parse(x).output_junos()))
Beispiel #19
0
    def testTCPFlags(self):
        """Test tcp-established and is-fragment."""
        x = '''\
filter x {
    term y {
        from {
            is-fragment;
            tcp-established;
        }
        then {
            accept;
        }
    }
}'''
        self.assertEqual(x, '\n'.join(acl.parse(x).output_junos()))
Beispiel #20
0
 def testRanges(self):
     '''Test JunOS ICMP and protocol ranges (regression).'''
     x = '''
 filter 115j {
     term ICMP {
         from {
             protocol tcp-17;
             icmp-type [ echo-reply 10-11 ];
         }
         then {
             accept;
             count ICMP;
         }
     }
 }'''
     a = acl.parse(x)
Beispiel #21
0
 def testRanges(self):
     """Test JunOS ICMP and protocol ranges (regression)."""
     x = """
 filter 115j {
     term ICMP {
         from {
             protocol tcp-17;
             icmp-type [ echo-reply 10-11 ];
         }
         then {
             accept;
             count ICMP;
         }
     }
 }"""
     a = acl.parse(x)
Beispiel #22
0
    def testCommentStress(self):
        #'''Test pathological JunOS comments.'''
        '''Test pathological JunOS comments. We want this to error in order to pass.
        NO MULTI-LINE COMMENTS!!
        '''
        x = '''
filter 100 {
    /* one */  /* two */
    term/* */y {
        from /*{*/ /******/ {
            protocol tcp; /*
            */ destination-port 80/**/;
            /* tcp-established; */
        }
        /* /* /* */
    }
}'''
        self.assertRaises(exceptions.ParserSyntaxError, lambda: acl.parse(x))
Beispiel #23
0
    def testCommentStress(self):
        #'''Test pathological JunOS comments.'''
        """Test pathological JunOS comments. We want this to error in order to pass.
        NO MULTI-LINE COMMENTS!!
        """
        x = """
filter 100 {
    /* one */  /* two */
    term/* */y {
        from /*{*/ /******/ {
            protocol tcp; /*
            */ destination-port 80/**/;
            /* tcp-established; */
        }
        /* /* /* */
    }
}"""
        self.assertRaises(exceptions.ParserSyntaxError, lambda: acl.parse(x))
Beispiel #24
0
    def testInactiveTerm(self):
        """Test terms flagged as inactive."""
        x = """\
filter 100 {
    term t1 {
        then {
            reject;
        }
    }
    inactive: term t2 {
        then {
            accept;
        }
    }
    term t3 {
        then {
            accept;
        }
    }
}"""
        y = acl.parse(x)
        self.assertEqual(y.output_junos(), x.split("\n"))
        self.assertRaises(exceptions.VendorSupportLacking, y.output_ios)
Beispiel #25
0
    def testInactiveTerm(self):
        """Test terms flagged as inactive."""
        x = '''\
filter 100 {
    term t1 {
        then {
            reject;
        }
    }
    inactive: term t2 {
        then {
            accept;
        }
    }
    term t3 {
        then {
            accept;
        }
    }
}'''
        y = acl.parse(x)
        self.assertEqual(y.output_junos(), x.split('\n'))
        self.assertRaises(exceptions.VendorSupportLacking, y.output_ios)
Beispiel #26
0
 def testModifierWithoutAction(self):
     """Test modifier without action."""
     x = '''filter x { term y { then { count z; } } }'''
     y = acl.parse(x)
     self.assertEqual(y.terms[0].action, ('accept', ))
Beispiel #27
0
 def testShorthandIPv4(self):
     """Test incomplete IP blocks like "10/8" (vs. "10.0.0.0/8")."""
     x = '''filter x { term y { from { address { 10/8; } } } }'''
     y = acl.parse(x)
     self.assertEqual(y.terms[0].match['address'][0].strNormal(),
                      '10.0.0.0/8')
Beispiel #28
0
 def testParseFile(self):
     """Make sure we can apply trigger.acl.parse() to file objects."""
     a = acl.parse(StringIO("access-list 100 deny ip any any"))
     self.assertEqual(a.name, "100")
Beispiel #29
0
 def testIOSACLDecoration(self):
     """Test IOS ACLs with comments, blank lines, and "end"."""
     x = "\n! comment\n\naccess-list 100 permit udp any any log ! ok\nend\n"
     y = ["! ok", "! comment", "access-list 100 permit udp any any log"]
     a = acl.parse(x)
     self.assertEqual(a.output_ios(), y)
Beispiel #30
0
 def testICMPIOSNames(self):
     """Test stringification of ICMP types and codes into IOS format."""
     x = "access-list 100 permit icmp 172.16.0.0 0.15.255.255 any 8"
     y = "access-list 100 permit icmp 172.16.0.0 0.15.255.255 any echo"
     self.assertEqual(acl.parse(x).output_ios(), [y])
     self.assertEqual(acl.parse(y).output_ios(), [y])
Beispiel #31
0
 def testNextTerm(self):
     '''Test "next term" action (regression).'''
     x = 'filter f { term t { then { next term; } } }'
     a = acl.parse(x)
Beispiel #32
0
 def testShorthandIPv4(self):
     """Test incomplete IP blocks like "10/8" (vs. "10.0.0.0/8")."""
     x = """filter x { term y { from { address { 10/8; } } } }"""
     y = acl.parse(x)
     self.assertEqual(y.terms[0].match["address"][0].strNormal(), "10.0.0.0/8")
Beispiel #33
0
 def testIOSBadACL(self):
     """Test handling of a bad ACL."""
     text = 'access-list 145 permit tcp any any;\naccess-list 145 deny ip any any'
     self.assertRaises(exceptions.ParseError, lambda: acl.parse(text))
Beispiel #34
0
 def testIOSACLDecoration(self):
     """Test IOS ACLs with comments, blank lines, and "end"."""
     x = '\n! comment\n\naccess-list 100 permit udp any any log ! ok\nend\n'
     y = ['! ok', '! comment', 'access-list 100 permit udp any any log']
     a = acl.parse(x)
     self.assertEqual(a.output_ios(), y)
Beispiel #35
0
 def testIOSBadACL(self):
     """Test handling of a bad ACL."""
     text = "access-list 145 permit tcp any any;\naccess-list 145 deny ip any any"
     self.assertRaises(exceptions.ParseError, lambda: acl.parse(text))
Beispiel #36
0
 def testICMPIOSNames(self):
     """Test stringification of ICMP types and codes into IOS format."""
     x = 'access-list 100 permit icmp 172.16.0.0 0.15.255.255 any 8'
     y = 'access-list 100 permit icmp 172.16.0.0 0.15.255.255 any echo'
     self.assertEqual(acl.parse(x).output_ios(), [y])
     self.assertEqual(acl.parse(y).output_ios(), [y])
Beispiel #37
0
 def testNextTerm(self):
     """Test "next term" action (regression)."""
     x = "filter f { term t { then { next term; } } }"
     a = acl.parse(x)
Beispiel #38
0
 def testIOSLongComments(self):
     """Test long comments in IOS ACLs."""
     # Regression: naïve comment handling caused this to exceed the
     # maximum recursion depth.
     acl.parse('!' * 200 + '\naccess-list 100 deny ip any any')
Beispiel #39
0
 def testIOSLongComments(self):
     """Test long comments in IOS ACLs."""
     # Regression: naïve comment handling caused this to exceed the
     # maximum recursion depth.
     acl.parse("!" * 200 + "\naccess-list 100 deny ip any any")
Beispiel #40
0
 def testModifierWithoutAction(self):
     """Test modifier without action."""
     x = """filter x { term y { then { count z; } } }"""
     y = acl.parse(x)
     self.assertEqual(y.terms[0].action, ("accept",))
Beispiel #41
0
 def testParseFile(self):
     """Make sure we can apply trigger.acl.parse() to file objects."""
     a = acl.parse(StringIO('access-list 100 deny ip any any'))
     self.assertEqual(a.name, '100')
Beispiel #42
0
 def testIOSACLNegation(self):
     """Test handling of "no access-list" command."""
     x = ["access-list 100 permit udp any any", "no access-list 100", "access-list 100 permit tcp any any"]
     self.assertEqual(acl.parse("\n".join(x)).output_ios(), x[-1:])